[Samba] Domain membership problem in OpenSuse 10.2 - Samba

This is a discussion on [Samba] Domain membership problem in OpenSuse 10.2 - Samba ; Dear Everyone, I am trying to use an OpenSuse 10.2 computer on a Windows 2000 domain using winbind authentication (join to domain). I added a few lines to the smb.conf for extracting sfu attributes, and my smb.conf looks like this: ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [Samba] Domain membership problem in OpenSuse 10.2

  1. [Samba] Domain membership problem in OpenSuse 10.2

    Dear Everyone,

    I am trying to use an OpenSuse 10.2 computer on a Windows 2000 domain
    using winbind authentication (join to domain). I added a few lines to
    the smb.conf for extracting sfu attributes, and my smb.conf looks like
    this:
    [global]
    idmap backend = ad
    idmap gid = 1000-100000
    idmap uid = 1000-100000
    winbind uid = 16777216-33554431
    winbind gid = 16777216-33554431
    password server = dell.umn.org.np
    realm = UMN.ORG.NP
    workgroup = HQ
    security = ADS
    template homedir = /home/%D/%U
    template shell = /bin/bash
    usershare allow guests = No
    winbind refresh tickets = yes
    winbind cache time = 3600
    workgroup = HQ
    winbind use default domain = yes
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind nested groups = Yes
    winbind nss info = sfu
    winbind offline logon = Yes
    winbind use default domain = yes
    debuglevel = 4
    log level = 4

    I was able to easily view users and groups on the domain, and the group
    info would be extracted easily.

    I recently applied available patches to the computer, because there were
    some issues with cdrom access for domain users, and Ximian evolution
    connection to Microsoft exchange that went away only on updating.

    However, now I can see uids for users, but the gids are not getting
    resolved. I am attaching sample output below:
    opensuse:~ # id prajjwal
    uid=10000(prajjwal) gid=10000
    groups=10000,10032,10133,10002,10117
    opensuse:~ # groups prajjwal
    id: cannot find name for group ID 10000
    10000 id: cannot find name for group ID 10032
    10032 id: cannot find name for group ID 10133
    10133 id: cannot find name for group ID 10002
    10002 id: cannot find name for group ID 10117
    10117

    As samba-client and samba-winbind on the server were 3.0.23 even on
    updating, I even tried manually downloading the latest rpms from the
    opensuse ftp site and installing them. However, my problem still
    remains. My installed samba packages are listed below:

    opensuse:~ # rpm -qa|grep samba
    kdebase3-samba-3.5.5-78
    yast2-samba-client-2.14.4-3
    yast2-samba-server-2.14.3-10
    samba-client-3.0.24-12.1.55
    samba-winbind-3.0.24-12.1.55

    Extra information:

    wbinfo -u and wbinfo -g both return proper domain user and group
    listings. wbinfo -p also returns a successful result.

    After doing getent group for a particular group, then that group can get
    resolved. For example, continuing on the information provided above:
    opensuse:~ # getent group 'Domain Users'
    domain users:x:10000:guest
    opensuse:~ # groups prajjwal
    id prdomain users id: cannot find name for group ID 10032
    10032 id: cannot find name for group ID 10133
    10133 id: cannot find name for group ID 10002
    10002 id: cannot find name for group ID 10117
    10117
    opensuse:~ # id prajjwal
    uid=10000(prajjwal) gid=10000(domain users) groups=10000(domain
    users),10032,10133,10002,10117

    As you can see, now the uid 10000 is resolved as Domain users, while
    other groups are still not resolved.

    All the other linux computers on my domain are running fine: I have got
    centos 4, fedora core 5, and opensuse 10.2 running.

    Can anyone help me get this problem sorted out?

    Thanks a lot,
    Prajjwal
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. [Samba] Re: Domain membership problem in OpenSuse 10.2

    Hi Everyone,

    I found out my mistake. The funny thing is: it works in Fedora Core 5,
    even though I have the same lines in the smb.conf file.

    The two lines:
    winbind uid = 16777216-33554431
    winbind gid = 16777216-33554431
    were causing the problem. I tried two things, and both worked:
    a. I changed the winbind uid and gid to 1000-100000, and I could get a
    proper listing
    b. Removing the winbind uid and gid lines altogether worked as well.

    Prajjwal

    On 4/18/07, Prajjwal P. Devkota wrote:
    >
    > Dear Everyone,
    >
    > I am trying to use an OpenSuse 10.2 computer on a Windows 2000 domain
    > using winbind authentication (join to domain). I added a few lines to
    > the smb.conf for extracting sfu attributes, and my smb.conf looks like
    > this:
    > [global]
    > idmap backend = ad
    > idmap gid = 1000-100000
    > idmap uid = 1000-100000
    > winbind uid = 16777216-33554431
    > winbind gid = 16777216-33554431
    > password server = dell.umn.org.np
    > realm = UMN.ORG.NP
    > workgroup = HQ
    > security = ADS
    > template homedir = /home/%D/%U
    > template shell = /bin/bash
    > usershare allow guests = No
    > winbind refresh tickets = yes
    > winbind cache time = 3600
    > workgroup = HQ
    > winbind use default domain = yes
    > winbind enum users = Yes
    > winbind enum groups = Yes
    > winbind nested groups = Yes
    > winbind nss info = sfu
    > winbind offline logon = Yes
    > winbind use default domain = yes
    > debuglevel = 4
    > log level = 4
    >
    > I was able to easily view users and groups on the domain, and the group
    > info would be extracted easily.
    >
    > I recently applied available patches to the computer, because there were
    > some issues with cdrom access for domain users, and Ximian evolution
    > connection to Microsoft exchange that went away only on updating.
    >
    > However, now I can see uids for users, but the gids are not getting
    > resolved. I am attaching sample output below:
    > opensuse:~ # id prajjwal
    > uid=10000(prajjwal) gid=10000
    > groups=10000,10032,10133,10002,10117
    > opensuse:~ # groups prajjwal
    > id: cannot find name for group ID 10000
    > 10000 id: cannot find name for group ID 10032
    > 10032 id: cannot find name for group ID 10133
    > 10133 id: cannot find name for group ID 10002
    > 10002 id: cannot find name for group ID 10117
    > 10117
    >
    > As samba-client and samba-winbind on the server were 3.0.23 even on
    > updating, I even tried manually downloading the latest rpms from the
    > opensuse ftp site and installing them. However, my problem still
    > remains. My installed samba packages are listed below:
    >
    > opensuse:~ # rpm -qa|grep samba
    > kdebase3-samba-3.5.5-78
    > yast2-samba-client-2.14.4-3
    > yast2-samba-server-2.14.3-10
    > samba-client-3.0.24-12.1.55
    > samba-winbind-3.0.24-12.1.55
    >
    > Extra information:
    >
    > wbinfo -u and wbinfo -g both return proper domain user and group
    > listings. wbinfo -p also returns a successful result.
    >
    > After doing getent group for a particular group, then that group can get
    > resolved. For example, continuing on the information provided above:
    > opensuse:~ # getent group 'Domain Users'
    > domain users:x:10000:guest
    > opensuse:~ # groups prajjwal
    > id prdomain users id: cannot find name for group ID 10032
    > 10032 id: cannot find name for group ID 10133
    > 10133 id: cannot find name for group ID 10002
    > 10002 id: cannot find name for group ID 10117
    > 10117
    > opensuse:~ # id prajjwal
    > uid=10000(prajjwal) gid=10000(domain users) groups=10000(domain
    > users),10032,10133,10002,10117
    >
    > As you can see, now the uid 10000 is resolved as Domain users, while
    > other groups are still not resolved.
    >
    > All the other linux computers on my domain are running fine: I have got
    > centos 4, fedora core 5, and opensuse 10.2 running.
    >
    > Can anyone help me get this problem sorted out?
    >
    > Thanks a lot,
    > Prajjwal

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread